All this is a bit over the top for security but I think it’s worth the ease of mind. IF you have used a coumputer for many years this might seem common sense but yeah.
Staying secure online.
In this short guide, I will be covering everything (That I know) you can do to secure yourself. I think this guide can be overwhelming so I recommend doing a little each day. I am planning on updating it too.
This is not some invitation for people to hack me but just giving my two senses on what I know about security. It’s important to know that I am not responsible for anything that happens.
Few things you need to know sometimes trying to change your information all of a sudden can sometimes make google lock your account for a while. So make sure you’re doing all the information given that is about to be given on a device where you already use your Gmail account before. So that way your IP address is not different while trying to change important privacy settings.
Also, security is like adding more locks on a bike when you park. It is more hassle and effort to keep everything in order and once you want to ride the bike again you have to unlock all the locks.
First, I will go over some basics of staying secure online
LINKS
Don’t click on links from people you don’t trust, more true if it’s a link within an email.
Sometimes links can be dangerous to your computer and do more harm than good. Some links can take you to 2 different sites at the same time for example if you see a link called “Apple.com” and you click on it. It can first take you to a malicious site and then take you to apple and you wouldn’t know.
Sometimes the link can be completely fake and hackers can even fake login in pages for websites so that the page looks like you are on your Paypal website but once you type in the information it goes to them.
Some links can just take your IP address and then take you to the website stated.
Even crazy some links can be hidden from other websites for example someone might send you a link to (apple.com) But the A in the link could be a Russian letter A. Which google registers as different links.
Ways you can protect yourself against links.
Don’t click on links from people online you don’t trust.
Don’t click on links without a VPN.
If someone gives you a link it is often better to type out the website. (Depending on the link)
If you copy and paste a link into the website above it will check if the links are redirected. (This is not 100% accurate)
the websites below will check if a link is safe for you
https://www.virustotal.com/gui/home/url
https://urlscan.io/
(Once again not 100% accurate.)
If you were paying attention you shouldn’t of clicked the links above lol.
This is an example of a phishing link they are trying to get the user to log in to their Microsoft account using the link the hacker provided. Also, there is a sense of urgency because they don’t want you to think, they just want you to take everything at face value.
Another example is “click on the link below to restore email” If you get this it is most likely that you’re being a victim of a hack, if you get this type of email it’s most likely mean you email is ona data breach and that’s how hackers of found your email.
Hyperlinks are the worst because if you click on them you don’t know where they can take you. And if you don’t check them they can often look legit. like the one below
This can include if you get sketch emails make sure their actually from venly and don’t log in using the link provided in the email.
Editing
Secure password
I think to show you guys the importance of why having a different password for each of your accounts is so important.
The website above will show you whether ur email or phone number is in a public data leak. (There are also data leaks that the website doesn’t have) But it will check all the online data leaks to see if your email is on there.
A password should always be different for every website you use.
For many reason. The 4 main ways a hacker can get into your account is the following
They get a list of most commonly used passwords and then they put them into a software with your username and the software will try all the passwords with your email to log in. So that’s why your passwords shouldn’t be common.
Next main way would be using a phishing link as mentioned before, what they do is get you to log in using their link. Which then gives them your details.
The next main way would be to type all the information they have on you into a smart algorithm things like your dog’s name, your date of birth, your father’s favourite football team and so on
and then the algorithm would try all combined possibilities with the information it’s given.
So it would try to log in to your account using your dog’s name and your year’s birth.
Cooper1995 it might try 1995Copper and so on.
The last option would be to check your email on all leaked databases and find what information the leaked database have you. It might contain old passwords and then they will try this old password on your Netflix account your Paypal account and so on.
That’s why you don’t use the same password for your banking and your moshi monsters.
If it needs to be stated porn is the worst, one wrong download and it can all go wrong. I even heard of sites that can bitcoin mine on your pc cant find a source for that so take it will a massive grain of salt but am sure i read it’s possible.
The link below generates passwords that are secure just make
Make sure you tick the box that says “Generate on your device” on the website below.
https://passwordsgenerator.net/
This is an ideal password generate it produces passwords like this
+\95dQnu3#_'TJ;h
and not passwords with your DogsName1995
Don’t keep passwords saved on your computer as this could cause many issues. What is ideal is to write them down on a physical piece of paper and don’t take a picture of your passwords on your phone.
Make sure that you know the layout of your keyboard before just copying and pasting the generated password into the “create new password box”
First, write the new password on paper and then try to type it up on your pc.
Also when keeping passwords on paper make that the paper has some indication of what account it is for. You don’t want random numbers and letters with no meaning.
Also, make sure that the paper is safe from other people and make sure you have a backup copy in case you spill coffee on the paper with your passwords on and you lose them.
I have seen a technique people use when writing passwords on paper. They use a Keyword at the end of the password let me explain. Say for example you have a paper with your passwords on it, as shown below.
jh=A;:>&JfxM3Dhp
They would then put “Keyword” at the end of the piece of paper and this would be a word they know. So that if someone got access to their paper with all their passwords they wouldn’t know what the keyword is.
For example, If the keyword is Penguin
Then on paper, their password is
jh=A;:>&JfxM3Dhp Keyword
But their actual password would be
jh=A;:>&JfxM3DhpPenguin
It’s just that you are not writing your keyword on paper which in this case is Penguin.
You might ask how will I remember all my passwords. We will use Bitwarden the classic method of writing your passwords down.
Browser
To keep your browser secure it is best not to have browser extensions. In the past there have been malicious browser extensions that have stolen passwords and a couple of years ago hackers could even copy the cookies on your computer and steal your password that way.
I use a different browser for things like Sapien and Maitreya, That why it keeps the two things separate. It might be overboard.
But overall it’s important to know that browser extensions can be harmful if you are not careful with the ones you install. The best advice that I can give someone for keeping their browser safe is to go to setting and check if there is a need to update your browser. Updating your browser is key to having a safe browser.
APPs
Apps/Downloads Things you download on your PC are where you’re most vulnerable to harm.
Don’t download pirated software it is just not worth the risk. Pirated software can be hidden really well.
Sometimes you might download a pirated game and you might get the game but guess what? while you playing the game it is secretly bitcoin mining on your PC or maybe even downloading all the information on your pc.
So you might get the game and an empty bank.
Don’t download a game your friend is telling you he made and wants you to try out. His account might be hacked and the hacker is trying to get your account too.
This issue is really big on discord.
Even if someone is “offering” you money to test his “game” Once again you might get a game but also a virus.
Make sure the link before you download an application is legit. You can also run them through the links I provide at the start of the post.
You can also upload files to there’s websites to see if their legit
https://www.virustotal.com/gui/home/upload
https://www.hybrid-analysis.com/
Upload only applications and not important documents. Like that discord and so on.
It’s very important that you know what apps you have on your PC its good to clean your PC once in a while. Sometimes it’s best to save all files and logins to google drive and restart windows
DISCORD
Discord deserves its own category. lol
Just go on youtube and type how to stay safe on discord.
Great video below but doesn’t cover everything
Even if you don’t use discord it is still good to watch the video as the same general idea can be applied to Facebook and other messaging services.
Make sure only your friends can msg you on discord.
If you don’t use discord and have it installed. I will say it’s best to delete it. They also have access to all your messages anyway so it’s not the best in terms of privacy.
METADATA And Pictures
Every picture you take has meta data saved to it. sometimes it can have the exact location of where you too took the picture.
To remove the MetaData of a picture you can follow this article
https://www.makeuseof.com/tag/3-ways-to-remove-exif-metadata-from-photos-and-why-you-might-want-to/
Don’t use the first method as it doesn’t always remove the whole data of the picture. Use the second option which involves an application called GIMP. Don’t worry GIMP is open software that is safe. Once you are done you can uninstall it if you want.
It’s also important to know that once you post a picture online it never gets deleted even if you think you deleted it. The same goes for the picture you take on your phone and the messages you think you deleted.
FUNFACT
The police can secretly get you to open your phone using faceID or FingerPrint. To stop this on iPhone. You can hold down the power button and then press cancel. Which then locks other methods of opening your phone apart from typing in your passcode. Protesters would often do this before leaving the house.
Virtual cards
Virtual cards are amazing my friend has one. Sadly you can’t get one until you are 18.
But what a virtual card would do would allow you to create a random card within 2 mins that you can put money in directly and easily.
So that your actual card will never get revealed.
Privacy.com explains it even better
"Privacy gives you control over who can charge you and how much. Create virtual payment cards for one-time purchases or subscriptions, directly from your browser. Set spend limits, pause, unpause, and close cards any time you want. "
Is a really good option sadly only for the US.
I know if you live in the UK you can use Revolut however it doesn’t even compare to “Privacy” service
If you’re from the US really consider getting privacy and if ur not interested at least check it out. It can sometimes save you from putting your card number on stupid sites.
Phone Number
you must know before I go on to how to secure your google account section, depending on your phone provider and so on.
It can be more harm than good to add your phone number to your google account because is your phone number leaked online with your personal information? Who has your number? Do you get scam calls? Do you get a scam msg?
In the past, many people have got hacked because someone called their provider and told them they got a new sim and to switch all the messages to this new number which was the hacker’s number which allowed the hacker to get all their accounts.
So if you’re going for utmost security its best to get a 15-dollar Nokia with a sim in to use for accounts like Gumroad and Venly so that none will know your number so that you can always get your account back if you lose it.
If you are going to use your phone number then make sure to check and set up a secure password and a recovery email for your phone provider’s account. Don’t give your phone number to sketchy sites.
If you do get scam calls, it’s best to not pick up as doing this the scam caller will tick your number off the list because it’s inactive. If you get a call from a number you don’t know then don’t answer it. Let them message you.
Fun fact
The FBI have a program that can study the way you type on a keyboard. The program can measure how long it takes for someone to get to different letters on a keyboard and how long it takes people to spell certain words on average.
If you are tired of reading I would recommend watching this video really enjoyable.
(One of the most complex Internet mysteries that took over a decade. With the new requirements disappearing)
GOOGLE ACCOUNT
Read the whole post before doing anyway steps. that is why if you don’t understand anything you can msg me.
In this section, I would definitely recommend creating a new Gmail account. That way you can separate your work from things like Venly, Tee springs and gumroad. Also, it keeps you more secure because of a wide range of things. It’s hard to explain, but I would highly recommend creating a new google account. For things like your gumroad and tee springs accounts because keeping it separate from your work email or even your daily email can greatly reduce the risk of losing your account.
Things you must know is that you shouldn’t create your account using a vpn. Because if you ever lose the account and google wants you to prove its you. They would want you to log in using the same IP address you used when you first logged in.
I will show you how to set ceratin devices as trusted so you can log back in using the same devices if you ever forgot the password and ask google for a recovery.
Also, it’s important to know if you ever change your password for your google accounts you should keep the first password you used to create your account stored away. Because if you lose your account, google will ask for the first password you used for the account or your last known password.
I would recommend reading the whole post then, creating your new google account and then switching over accounts like Gumroad and so on to use your new email.
I wouldn’t do this if you are unsure or unclear about what is going on. If you are unsure just ask because I know sometimes I can write something then the next day I read over it and and it makes no sense.
The idea behind this email is that no one knows this email and you don’t use it to sign up with stuff other apart from Venly, Gumroad, Tee springs and the new SapienStore of course.
Would I use this for Phantom? I don’t really know I read a comment saying there is a fake version going around or a fake extension. So I would hold off on using it for that.
And I my self don’t know much about phantom
Anway where was I? Oh yeah, google account. Make sure the password you create is a secure one and not your dog’s name or it can be cracked by hackers.
Don’t add an email to this account if it gives you an option not to. If the option is mandtuary then put an email you know is secure.
Few things you should know when making this google account.
Using your real name and date of birth when signing up can be great if you ever lose your account and google ask to prove it’s you with your passport or water bill.
It’s a terrible idea if you start using this account to sign up for mat’s weekly gardening and if your under 18 of course.
If you followed the steps above and created a google account i would then recommend login into at least two of your trusted devices that you will always have on you. So on your computer and your iPad make sure the box “Remember me” is ticked.
Well, one of the options to secure your account would be to use a You can use a Yubico - YubiKey 5 NFC. It a bit hardcore but if you want to you can.
(You don’t have to do this option)
What a Yubico does is that every time you log in to your google account it will ask for your password and also for you to plug the YubiKey into your pc. This protects your account because it brings the virtual to the physical. Someone would need your email, password and the physical key you have to login in.
So if someone knew your password they would still need the physical key to get in. If you are interested in this then I would highly recommend checking the link below and searching online for how to set it up. It’s actually really easy. And if you have a Youbikey Google wouldn’t force you to enter a phone number if you want 2-Step verification.
If you don’t want to do that then there is the next step This step requires a bit of time.
What were going to do now is secure your account using the 2 methods google provides. Few things you should know before starting. Don’t start unless you have free time because if you stop and start this process it can make it harder.
This is why I recommend making a new google account so can sorta play around and see what works and what doesn’t work for you when it comes to how you protect your account.
Have a paper and pen (Which we will use later)
Have the google Authenticator app download on your phone. (You don’t need a camera but it is really recommended especially when we go on to venly and tee spring.)
App on the app store to show you what it looks like
So what we’re going to do is set up google-authenticator so that every time you log in to your account it will ask for a code that the app generates.
So you will need your phone every time you log in to your account
however, it wouldn’t ask you for the google-authenticator code if you have your account already login in and saved on your pc. but it will affect others trying to log in using your account for the first time.
Had to delete a whole bunch of text
(This video is handy if you want to set up google-authenticator. Read the below text until the bracket ends. It’s useful information before watching the video and starting the process
Make sure to check if you are on the right google account after heading to
myaccount.google.com
Make sure that you don’t share your bar code or the Authenticator key that google will give you.
If you can’t find where it says “2-Step verification” it is below where the red arrow is pointing
Setting up google-authenticator Google will ask for your number.
I will once again recommend getting a burner phone if you want to enter your phone number. For important stuff like your email account for your NFTs.
What if I want to login into my google account on my PC but I don’t have internet on my phone?
Well, google-Authenticator works offline but it shouldn’t even matter because you will most likely already be logged in on your PC.
What if I lose my phone and cant assess google-Authenticator how will I be able to log in to my account?
Well, we will create “backup codes” so that if you don’t have your phone on you you can still log in and disable “Google Authenticator”.
watch the video if you are interested in the Google Authenticator.
I don’t recommend skipping steps so if you don’t want to set up Google authenticator. Then at least setup 2-factor authentication for your number. This will make your account so much more secure.
)
Once you’re done, the next should be done quickly.
we are going to create “Backup codes”
So that If you were to ever lose your phone. These “backup codes” can give you access to your account.
Below is an example of what “Backup codes” look like.
The backup codes option will give you 10 single-use codes you can use to get into your account if you happen to not have your phone on you for 2-step verification.
But you must remember that you would still need to know your password before it gives you an option to type in your backup codes.
And it is not ideal for you to constantly log in using “back up codes”. If you are familiar with Venly Pin it is similar to that.
When creating a backup code It’s important that you don’t download or print them off because when printing them off your open yourself to more risk of people getting them codes especially if it’s a smart printer that works over the web.
Extreme I know but better safe than sorry. Also downloading them, well because you shouldn’t have any files on your pc that can give away your account details.
to create the backup codes go to
myaccount.google.com/security
Then the “2-Step verification”
(if you can’t find where “2-Step verification” it is under where the arrow is pointing.
)
When you click on this it will ask for your password.
Once you type in your password you will get 5 options called
“Authenticator app”
“Voice or text message”
“BackupCodes”
“Google prompts”
“Security key”
If you have done the “Authenticator app” right you should get a tick or something indicating that the Authenticator app is active
anyway we are here to set up “back up codes” so then click on “back up codes” with the aeroplane emoji
Click on create backup codes and make sure you write all the 10 important codes and soon as you write them down store them in a safe place. When you write them down make sure to mention what account their for because you don’t want to forget that. lol and make sure you don’t get your 0 and O mix up that would be awkward.
Then you should have your backup codes active.
Go back to
myaccount.google.com/security
Then scroll down and where it says
“Enhanced safe browsing for your account”
Let’s turn that on while we are here.
Once again lets go back to
myaccount.google.com/security
Find the box that says “Ways that we can verify that it’s you”
Then there is a recovery phone i would recommend putting a number that you will always have so that you can always recover the account.
And then for the recovery email, I would 100% Make a new email Lol I know.
The email I used for the recovery, is one that I don’t have saved on my pc it’s on paper somewhere. So there is no activity on that account and if worst comes to worst I can find that account and use it to recover my google account.
One thing you should know is that when creating accounts for other websites for things like venly and things I would recommend not using the
“Sign in with google account” option
Because you want to minimize risk if worst comes to worst.
This option allows anyone logged into your google account to see what you have sign up for and it will automatically give them assess.
I hope that makes sense but what am trying to say is that if you sign up to a website you should not use the option “Sign in with google/ Contuine with google” Because if someone gets access to your google account it will tell them what other websites you used and it will give them assess to that account.
But if you create an account and use your email its safer. Because if a hacker got your google account you can still log in to venly and temporary pause your account.
myaccount.google.com
Look around on your google account. See what devices are logged in. See who last got into your account just look around. Go through the mini security page and taps on their they got lots of information to avoid scams and so on.
The number one tip I can give you is really top secretly. it was passed on to me when I was just a kid. Through my father which was also given to him when he was just a kid.
To not get scammed is…
Don’t be an idiot. Unless you’ve been using unexpected gifts your most likely haven’t won a new iPhone because your great grandfather was a soldier in world 2.
Sorry, had to include some British humour.
But yeah if something is to good to be true then it most likely a scam, of course, this doesn’t include Sapien audios.
Phew, I will update this with more ways you can protect your and but lets go on to bread and butter Venly and Tee Spring although it isn’t much you can do.
That is not mentioned
VENLY
If you want to learn about venly then this isnt the post, Luna has made a great post about venly.
This bit is for creating a venly account. Although after this the next step would be to secure the Venly account.
When creating your venly account as stated above make sure you create an account and not use the option “Sign in with google option”.
I know some people already have a venly account made when buying of tee springs.
If you just created your venly account it will give you the option for a master to create a master pin. This master pin is important for getting your account back if you ever lose it so be wise and don’t use a number that anyone can guess. Like 123456 or a number like your date of birth 140501. (Not my date of birth just an example of what shouldn’t be done)
I recommend writing this down. The pin is for when you lose it will give you access to your account.
Next step is to secure our account for venly. Once you’re logged if you go to your “User settings” which should be at the top right. Left hand side you get a bunch of options
“ACCOUNT”
“PASSWORD”
“TWO-FACTOR AUTHENTICATION”
“SOCIAL LOGINS”
“SESSIONS”
“APPLICATIONS”
“LOG”
Right now we’re interested in “ACCOUNT” so click on that it should ask for your First Name and Last Name.
I would recommend putting your real details in. Had a friend locked out his PayPal account and PayPal asked for proof he was the owner of his account but since he never used his real name for PayPal account they wouldn’t give him his account back cause they couldn’t prove who was the real owner.
Next we are going to do some basic stuff. Just setting up the 2 factor
Head over to “TWO-FACTOR AUTHENTICATION” you should see steps to set up Google Authenticator follow the steps by downloading the Google Authenticator app scanning the barcode and quickly typing in the numbers you get on your phone to the boxed name “One-time code” On venly. This is not asking for your venly pin its asking for the 6 digits you get on the app.
(dont share your barcode or the numbers you get through the app. Venly customer service would never need any of this information.)
Then once it’s set up you would know because the barcode will disappear.
Head over to “LOG” and you can see every time you logged in to your account check this “log” page for suspicious activity.
Also, look out for emails by venly telling you if you have unusual activity just make sure they’re legit emails and not a hacker asking you to login using this link below.
“Only the paranoid survive”
Using common sense really that the best advice.
Tee spring
All the same rules apply from venly. tee spring do ask you for your address and phone number which i do recommend giving.
Also if set up GOOGLE AUTHENTICATION is the same.
Once you are reasonably comfortable with using your new google account and I would recommend switching all your account to this new google account as I have.
More coming soon
was fun writing this. A lot to get through lol
Just seen this image this is why i dont recommend using your phone number if you have given your phone number to lots of different sites.
Hackers spoof number so when they send msg to somone it looks like it was sent from google.